CVE-2014-3472 in Red Hat JBoss Enterprise Application Platforminfo

Summary

The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.

Reservation

05/14/2014

Disclosure

08/19/2014

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
70657	Red Hat JBoss Enterprise Application Platform Access Restriction isCallerInRole access control	264	Not defined	Not defined	CVE-2014-3472

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!